Skip to main content
Announcements
Qlik Connect 2024! Seize endless possibilities! LEARN MORE
cancel
Showing results for 
Search instead for 
Did you mean: 
mralbert
Contributor II
Contributor II

Advanced Security Rule For Streams and Private Apps

Hi,

We have a requirement to have a security model where consumers are granted access to a core stream (i.e., Stream ABC) by applying for group membership (i.e., QLIKSENSE_ABC_CONSUMER). The users would have access to all the apps  in the stream if they have membership to the corresponding consumer group.

 

However, we have a requirement to have certain apps within a stream be private. We would like the user to be required to be in the stream group as well as a private group to see these private apps (i.e., QLIKSENSE_ABC_PRIVATE_CONSUMER). We tried to write the following security rule, but it seems to not be working:

 

(

(user.environment.roles=resource.@Consumer and resource.@Hidden!="true")

or

(user.environment.roles=resource.@Consumer and resource.@Hidden="true" and user.environment.roles=resource.@Exception)

)

 

We are using SAML, so we pass through users' group memberships through an attribute called roles. We have a custom property called @Consumer which we apply to Streams and grant access if the @Consumer custom property matches one of the users' groups in the role attribute. In addition, we have a custom property on apps called @Hidden which we set to true if the app needs to be private and a custom property called @Exception to grant access to the private apps. 

 

If there is a better way of accomplishing our requirements, please suggest as we really would like to get something working... 

0 Replies